Security Leftovers
UK's Ministry of Defence coughs up bug bounties for crowdsourced pentesting • The Register
The Ministry of Defence has paid out the first bug bounties to ethical computer hackers who probed web-accessible systems for vulnerabilities, according to a cheery missive from HackerOne.
A month-long "hacker security test" culminated in a couple of dozen folk being handed unspecified rewards – and marking the first public confirmation of HackerOne's UK government partnership.
Google revamps bug bounty program • The Register
Google has revealed that its bug bounty program – which it styles a "Vulnerability Reward Program" – has paid out for 11,055 bugs found in its services since 2010.
11,055 bugs seems like a lot, but it's not out of step with other vendors. Microsoft's monthly Patch Tuesday packages regularly fix over 100 flaws, while Oracle's quarterly patch collections often contain well over 300 pieces of corrective code. Across 11 years, the two above-mentioned vendors would also produce over 11,000 bugs.
Linux Kernel Security Done Right (Google Security Blog)
Over on the Google Security Blog, Kees Cook describes his vision for approaches to assuring kernel security in a more collaborative way. He sees a number of areas where companies could work together to make it easier for everyone to use recent kernels rather than redundantly backporting fixes to older kernel versions. It will take more engineers working on things like testing and its infrastructure, security
Linux Kernel Security Done Right
As we approach its 30th Anniversary, Linux still remains the largest collaborative development project in the history of computing. The huge community surrounding Linux allows it to do amazing things and run smoothly. What's still missing, though, is sufficient focus to make sure that Linux fails well too. There's a strong link between code robustness and security: making it harder for any bugs to manifest makes it harder for security flaws to manifest. But that's not the end of the story. When flaws do manifest, it's important to handle them effectively.
Programming Leftovers
Raspberry Pi Compute Module 4 Gains Native SATA Support
Raspberry Pi OS now has SATA support built into the kernel. Before you rush to tear the hard drive from your PC and hook it up to your Pi, there's a catch: you'll need a Compute Module 4 instead of the standard 4B or 400 models. And for now you can't boot from it. YouTuber Jeff Geerling, who is responsible in part for the addition, has an insightful blog post on the matter, and a video essay embedded below.
Ubuntu Blog: UbuntuOnAir update
It’s been a couple of months since we restarted UbuntuOnAir. We had a few ideas, and lots of aspirations, but we wanted to be realistic and work our way up. You can read about why we brought it back and why we didn’t use the more mainstream channel “Celebrate Ubuntu” elsewhere. Here I talk about some of the things we’ve done, some of the lessons we’ve learnt, and what’s next. If at any point you become curious and want to watch the videos, head to ubuntuonair.com and scroll through. [...] We’ve done other things too, not as much as I’d have liked, but some. We’ve done a ‘gaming’ stream, a tutorial about making tutorials, and a chat with the engineers behind Ubuntu on the Raspberry Pi. They were all one-offs but with the potential to become a series/playlist with return appearances. There’s a sizable difference in the engagement figures with these videos though. The Raspberry Pi video did significantly better, both in terms of views and general engagement. We tracked this down to three factors: consistency, relevancy, and marketing. The consistency factor is inferred, since the other videos we do have are all part of a consistent series and these are not. The relevancy factor is really unavoidable; from my work on Ubuntu on Raspberry Pi previously I know that if you put ‘Raspberry Pi’ in a headline it’s going to do well. And marketing. In the beginning, we promoted the videos more openly. That isn’t to say we don’t still, but we have more things to promote now, so it feels like the traffic to the videos is cannibalizing itself. Some food for thought.
